Legal claims defining the scope of protection, as filed with the USPTO.
1. A secret information leakage prevention system in which two or more clients, each including an application program that transmits a network access request, and a server are able to communicate via a network, wherein: at least one of the two or more clients includes first network access control unit for controlling the network access request transmitted from the application program to the server, based on a security level assigned to the application program, the server includes second network access control unit for determining, in response to the network access request transmitted from one of the two or more clients, whether the first network access control unit has been introduced to the client that has transmitted the network access request, the second network access control unit authorizing the network access request without controlling the network access request when the determination result is positive, the second network access control unit controlling the network access request based on a security level assigned to an access target of the network access request when the determination result is negative; and the first network access control unit and the second network access control unit control the application program based on the same security level.
2. The secret information leakage prevention system according to claim 1, wherein the client including the first network access control unit includes first authentication unit for executing an authentication process of authenticating, with the server, that the first network access control unit has been introduced, the server includes second authentication unit for executing the authentication process with the client including the first network access control unit, and registering the client as an authenticated client when the authentication process is successful, and the second network access control unit determines, when the client having transmitted the network access request is registered as the authenticated client, that the first network access control unit has been introduced to the client.
3. The secret information leakage prevention system according to claim 1, wherein the second network access control unit sets a provisional security level for the application that has transmitted the network access request when the determination result is negative and controls the network access request based on the set provisional security level and the security level assigned to the access target.
4. The secret information leakage prevention system according to claim 2, wherein the first authentication unit executes the authentication process with the second authentication unit using a key held in the first network access control unit.
5. The secret information leakage prevention system according to claim 2, wherein the first authentication unit includes: first transmission unit for transmitting a first challenge code generated using a first random number to the server; first reception unit for receiving a first response code and a second challenge code based on the first challenge code that are transmitted from the server; first response code generation unit for generating a first response code based on a first key held in the first network access control unit and the generated first challenge code; first determination unit for determining whether the first response code received by the first reception unit matches the first response code generated by the first response code generation unit; and second transmission unit for transmitting a second response code generated from the second challenge code received by the first reception unit to the server when the determination result from the first determination unit is positive, and the second authentication unit includes: third transmission unit for transmitting, to the client, a first response code generated using a second key held in the second authentication unit from the first challenge code transmitted from the first client and a second challenge code generated using a second random number; second reception unit for receiving the second response code based on the second challenge code and transmitted from the first client; second response code generation unit for generating a second response code based on the second key and the generated second challenge code; and second determination unit for determining whether the second response code transmitted from the first client matches the second response code generated by the second response code generation unit, and regarding the authentication process as being successful when the determination result is positive.
6. The secret information leakage prevention system according to claim 2, wherein the first authentication unit executes the authentication process with the server on the condition that the first network access control unit is in operation.
7. The secret information leakage prevention system according to claim 6, wherein the first authentication unit acquires a list of processes in execution from an operating system, and determines whether the first network access control unit is in operation by confirming whether the first network access control unit is included in the acquired process list.
8. A secret information leakage prevention method in a secret information leakage prevention system in which two or more clients, each including an application program that transmits a network access request, and a server are able to communicate via a network, wherein: at least one of the two or more clients executes a first network access control step of controlling the network access request transmitted from the application program to the server, based on a security level assigned to the application program, the server executes a second network access control step of determining, in response to the network access request transmitted from one of the two or more clients, whether the first network access control step is executed in the client that has transmitted the network access request, the second network access control step authorizing the network access request without controlling the network access request when the determination result is positive, the second network access control step controlling the network access request based on a security level assigned to an access target of the network access request when the determination result is negative; and the first network access control step and the second network access control step control the application program based on the same security level.
9. A non-transitory computer readable storage medium storing a program for: causing at least one of two or more clients, each including an application program that transmits a network access request, to execute a first network access control step of controlling the network access request transmitted from the application program to the server, based on a security level assigned to the application program; and causing the server to execute a second network access control step of determining, in response to the network access request transmitted from one of the two or more clients, whether the first network access control step is executed in the client that has transmitted the network access request, the second network access control step authorizing the network access request without controlling the network access request when the determination result is positive, the second network access control step controlling the network access request based on a security level assigned to an access target of the network access request when the determination result is negative; wherein the first network access control step and the second network access control step control the application program based on the same security level.
10. A server which is able to communicate via a network with two or more clients, each including an application program that transmits a network access request, wherein: at least one of the two or more clients includes first network access control unit for controlling the network access request transmitted from the application program to the server, based on a security level assigned to the application program, the server includes second network access control unit for determining, in response to the network access request transmitted from one of the two or more clients, whether the first network access control unit has been introduced to the client that has transmitted the network access request, the second network access control unit authorizing the network access request without controlling the network access request when the determination result is positive, the second network access control unit controlling the network access request based on a security level assigned to an access target of the network access request when the determination result is negative; and the first network access control unit and the second network access control unit control the application program based on the same security level.
11. A secret information leakage prevention method in a server which is able to communicate via a network with two or more clients, each including an application program that transmits a network access request, wherein: at least one of the two or more clients executes a first network access control step of controlling the network access request transmitted from the application program to the server, based on a security level assigned to the application program, the server executes a second network access control step of determining, in response to the network access request transmitted from one of the two or more clients, whether the first network access control step is executed in the client that has transmitted the network access request, the second network access control step authorizing the network access request without controlling the network access request when the determination result is positive, the second network access control step controlling the network access request based on a security level assigned to an access target of the network access request when the determination result is negative; and the first network access control step and the second network access control step control the application program based on the same security level.
12. A non-transitory computer readable storage medium storing a program for causing a computer to function as a server which is able to communicate via a network with two or more clients, each including an application program that transmits a network access request, wherein: at least one of the two or more clients includes a first network access control unit for controlling the network access request transmitted from the application program to the server, based on a security level assigned to the application program, and the program causes the computer to function as: a second network access control unit for determining, in response to the network access request transmitted from one of the two or more clients, whether the first network access control unit has been introduced to the client that has transmitted the network access request, the second network access control unit authorizing the network access request without controlling the network access request when the determination result is positive, the second network access control unit controlling the network access request based on a security level assigned to an access target of the network access request when the determination result is negative; and the first network access control unit and the second network access control unit control the application program based on the same security level.
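The mutual challenge-response of claim 5, the "only while the control unit is running" condition of claim 6, and the server-side decision of claims 1 to 3 (authenticated client: authorize as-is; otherwise control against the target's security level with a provisional level for the application), written out as an added illustration that is not code from the patent or its assignee. The claims do not specify the response-code function, the challenge length or the default provisional level; HMAC-SHA256, 16-byte challenges, a shared symmetric key and a provisional level of 0 are assumptions of this example.

```python
import hmac
import secrets

def response_code(key: bytes, challenge: bytes) -> bytes:
    # The claims do not fix the response function; HMAC-SHA256 is assumed here.
    return hmac.new(key, challenge, "sha256").digest()

class Server:
    """Second authentication unit (claims 2, 5) and second network access control unit (claims 1, 3)."""
    def __init__(self, key: bytes, target_levels: dict):
        self.key = key                      # second key
        self.target_levels = target_levels  # access target -> assigned security level
        self.authenticated = set()          # clients registered after a successful exchange
        self.pending = {}                   # client id -> outstanding second challenge

    def respond(self, client_id: str, c1: bytes):
        # Third transmission unit: R1 over the client's challenge plus a fresh second challenge.
        c2 = secrets.token_bytes(16)        # generated from a second random number
        self.pending[client_id] = c2
        return response_code(self.key, c1), c2

    def verify(self, client_id: str, r2: bytes) -> bool:
        # Second determination unit: compare the received R2 with our own over C2.
        c2 = self.pending.pop(client_id, None)
        ok = c2 is not None and hmac.compare_digest(response_code(self.key, c2), r2)
        if ok:
            self.authenticated.add(client_id)
        return ok

    def check_access(self, client_id: str, target: str, provisional_level: int = 0) -> bool:
        # Claim 1: a registered client already enforced policy locally, so authorize as-is.
        if client_id in self.authenticated:
            return True
        # Claim 3: otherwise assign a provisional level and control against the target's level.
        return provisional_level >= self.target_levels.get(target, 0)

class Client:
    """First authentication unit (claims 2, 5, 6) on the client side."""
    def __init__(self, client_id: str, key: bytes, control_running: bool):
        self.id, self.key, self.control_running = client_id, key, control_running

    def authenticate(self, server: Server) -> bool:
        if not self.control_running:        # claim 6: only while the control unit is in operation
            return False
        c1 = secrets.token_bytes(16)        # first challenge from a first random number
        r1, c2 = server.respond(self.id, c1)
        if not hmac.compare_digest(r1, response_code(self.key, c1)):  # first determination unit
            return False                    # server failed to prove it holds the key
        return server.verify(self.id, response_code(self.key, c2))   # second transmission unit
```

A client with the wrong key never reaches the server-side registration step, so its later requests fall through to the target-level check of claim 3.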
July 7, 2015